Call for 4.3.29 Patches
list Japheth Cleaver
Hello all, I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out. Regards, -jc
list Axel Beckert
Hi JC, On Tue, Mar 26, 2019 at 01:37:32PM -0700, Japheth Cleaver wrote:
I'm pushing for a release of 4.3.29 relatively soon.
Cool, thanks!
▸
I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out.
Here are the patches Debian applies to 4.3.28: https://salsa.debian.org/debian/xymon/tree/master/debian/patches I'll try to categorize them quickly: Missing fixes: * 39_kfreebsd-makefile.patch: Support for the GNU/kFreeBSD architecture/platform (i.e. FreeBSD kernel with GNU instead of BSD userland). * 42_bbcombotest-fix.patch: Fix bbcombotest: "Could not access hobbitd board, error 0". (Don't have more details, sorry. Christoph might perhaps remember more details.) * 63_netstat-ant-vs-ipv6-address-truncating.patch: Port monitoring seems to cut off IPv6 addresses. This seems to be unrelated to "Fix RRD parsing for recent netstat (net-tools) on Linux". * 66_apache2.4.patch: Some Apache 2.4 fixes. Since Apache 2.2 is End of Life already, IMHO you do not need to care for the old syntax anymore. Then again, some distributions with long-term support might still have Apache 2.2, so you might want to cross-check if that has some impact there. * 84_fix_compilation_on_GNU_Hurd.patch: Fixes compilation on the GNU Hurd architecture/platform. * 90_fix-spelling-errors.patch: Spelling error fixes. Can't be used 1:1, but shows what is missing: * 51_hardening-buildflags.patch: CFLAGS are hardcoded and don't respect any such environment variable. Feature patches: * 27_hobbit_files_ifexist.patch: Adds an "ifexist" feature to the files check. Might be no more needed: * 69_disk-no-duplicate-root.patch: Ignore duplicate submissions for the "/" partition. For a while Debian and some other distributions report the root partition twice because it got remounted during boot. I though don't see that behaviour on a current Debian Stable anymore. State unclear: * 33_526176-ldap.patch: There seems to be an LDAP API change necessary some time in the future (for 10 years now) and this seems to be the lazy workaround. See https://bugs.debian.org/526176 I must admit, I'm not sure if that's still necessary. This has been added to Debian in April 2009, but https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes says that Hernik worked on this in November 2008 and it was included in the 4.2.2 release in December 2008. And Debian shipped 4.2.2 in January 2009 and added this patch in April 2009 with 4.3.0 beta2. So those things don't seem to have overlapped each other. And these changelog entries don't sound as if this has been fixed properly r5990 | storner | 2008-11-28 07:43:02 +0100 (Fri, 28 Nov 2008) | 1 line Changed paths: M /branches/4.2.2/build/test-ldap.c Build properly with new OpenLDAP API by using deprecated functions. […] r5995 | storner | 2008-11-28 10:27:42 +0100 (Fri, 28 Nov 2008) | 1 line Changed paths: M /branches/4.2.2/bbnet/ldaptest.h Build properly with new OpenLDAP API by using deprecated functions (missed ldaptest.h in previous commit) But then again, I'd wonder why this "lazy" fix worked for now 10 years without causing issues with the deprecated LDAP functions finally being removed. (Probably)already included patches: * 00_htmlcontenttype.patch: Seems to be "Ensure Content-Type always set in HTML headers (Thanks, Christoph Berg)" * 24_hobbitclient-tmpfs.patch: Might be "Ignore additional common tmpfs partitions on recent Linux", but you might want to cross-check. * 87_fix_logfetch_FTBFS_with_glibc_2.26.patch: Applied in r8030. These seem to be Debian specific patches are are marked as not needing to be forwarded to upstream, so you can safely ignore them: * 03_doc-paths.patch: Debian-specific path changes. * 09_hobbitclient-debian.patch: Adds a dpkg section to client reports. * 12_hobbitvars.patch: Debian-specific path changes. * 21_FHS-instead-FSSTND-in-example-in-man-page.patch: Debian-specific path changes. * 30_prefer-packaged-temp-plugin-over-unpackaged-devmon.patch: Different default settings with regards to one plugin. * 45_fix-configure-for-multiarch.patch: Debian-specific generated paths. * 48_png-multiarch.patch: Debian-specific generated paths. Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list Bruce Ferrell
▸
On 3/26/19 2:27 PM, Axel Beckert wrote:
Hi JC, On Tue, Mar 26, 2019 at 01:37:32PM -0700, Japheth Cleaver wrote:I'm pushing for a release of 4.3.29 relatively soon.Cool, thanks!I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out.Here are the patches Debian applies to 4.3.28: https://salsa.debian.org/debian/xymon/tree/master/debian/patches I'll try to categorize them quickly: Missing fixes: * 39_kfreebsd-makefile.patch: Support for the GNU/kFreeBSD architecture/platform (i.e. FreeBSD kernel with GNU instead of BSD userland). * 42_bbcombotest-fix.patch: Fix bbcombotest: "Could not access hobbitd board, error 0". (Don't have more details, sorry. Christoph might perhaps remember more details.) * 63_netstat-ant-vs-ipv6-address-truncating.patch: Port monitoring seems to cut off IPv6 addresses. This seems to be unrelated to "Fix RRD parsing for recent netstat (net-tools) on Linux". * 66_apache2.4.patch: Some Apache 2.4 fixes. Since Apache 2.2 is End of Life already, IMHO you do not need to care for the old syntax anymore. Then again, some distributions with long-term support might still have Apache 2.2, so you might want to cross-check if that has some impact there. * 84_fix_compilation_on_GNU_Hurd.patch: Fixes compilation on the GNU Hurd architecture/platform. * 90_fix-spelling-errors.patch: Spelling error fixes. Can't be used 1:1, but shows what is missing: * 51_hardening-buildflags.patch: CFLAGS are hardcoded and don't respect any such environment variable. Feature patches: * 27_hobbit_files_ifexist.patch: Adds an "ifexist" feature to the files check. Might be no more needed: * 69_disk-no-duplicate-root.patch: Ignore duplicate submissions for the "/" partition. For a while Debian and some other distributions report the root partition twice because it got remounted during boot. I though don't see that behaviour on a current Debian Stable anymore. State unclear: * 33_526176-ldap.patch: There seems to be an LDAP API change necessary some time in the future (for 10 years now) and this seems to be the lazy workaround. See https://bugs.debian.org/526176 I must admit, I'm not sure if that's still necessary. This has been added to Debian in April 2009, but https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes says that Hernik worked on this in November 2008 and it was included in the 4.2.2 release in December 2008. And Debian shipped 4.2.2 in January 2009 and added this patch in April 2009 with 4.3.0 beta2. So those things don't seem to have overlapped each other. And these changelog entries don't sound as if this has been fixed properly r5990 | storner | 2008-11-28 07:43:02 +0100 (Fri, 28 Nov 2008) | 1 line Changed paths: M /branches/4.2.2/build/test-ldap.c Build properly with new OpenLDAP API by using deprecated functions. […] r5995 | storner | 2008-11-28 10:27:42 +0100 (Fri, 28 Nov 2008) | 1 line Changed paths: M /branches/4.2.2/bbnet/ldaptest.h Build properly with new OpenLDAP API by using deprecated functions (missed ldaptest.h in previous commit) But then again, I'd wonder why this "lazy" fix worked for now 10 years without causing issues with the deprecated LDAP functions finally being removed. (Probably)already included patches: * 00_htmlcontenttype.patch: Seems to be "Ensure Content-Type always set in HTML headers (Thanks, Christoph Berg)" * 24_hobbitclient-tmpfs.patch: Might be "Ignore additional common tmpfs partitions on recent Linux", but you might want to cross-check. * 87_fix_logfetch_FTBFS_with_glibc_2.26.patch: Applied in r8030. These seem to be Debian specific patches are are marked as not needing to be forwarded to upstream, so you can safely ignore them: * 03_doc-paths.patch: Debian-specific path changes. * 09_hobbitclient-debian.patch: Adds a dpkg section to client reports. * 12_hobbitvars.patch: Debian-specific path changes. * 21_FHS-instead-FSSTND-in-example-in-man-page.patch: Debian-specific path changes. * 30_prefer-packaged-temp-plugin-over-unpackaged-devmon.patch: Different default settings with regards to one plugin. * 45_fix-configure-for-multiarch.patch: Debian-specific generated paths. * 48_png-multiarch.patch: Debian-specific generated paths. Kind regards, Axel
while Apache 2.2 is EOL, there are a LOT of distros and installations that still have it running running back ports. I'd say it costs nothing to leave in and has the potential of creating a lot of heartache by taking it out... Even if Debian does like it that way.
list Axel Beckert
Hi,
▸
On Tue, Mar 26, 2019 at 04:23:33PM -0700, Bruce Ferrell wrote:* 66_apache2.4.patch: Some Apache 2.4 fixes. Since Apache 2.2 is End of Life already, IMHO you do not need to care for the old syntax anymore. Then again, some distributions with long-term support might still have Apache 2.2, so you might want to cross-check if that has some impact there.while Apache 2.2 is EOL, there are a LOT of distros and installations that still have it running running back ports.
So far I only can come up with RHEL/CentOS 6, Debian 7 Wheezy ELTS (EoL in about two months) and Ubuntu 12.04 ESM (i.e. paid-only LTS) who still provide Apache 2.2. At least Wheezy and Ubuntu 12.04 ship Xymon out of the box and I would be surprised if anyone on these releases follows upstream source code instead of using the distro-provided packages (with older Xymon versions). So probably the only still relevant distro shipping Apache 2.2 is RHEL/CentOS 6. JC probably knows better how wide-spread Xymon is there.
I'd say it costs nothing to leave in
IMHO the cost is primarily to figure out if a case switch is needed between Apache 2.2 and 2.4. The patch _is_ needed if you want to run your Apache 2.4 without mod_access_compat — which probably will vanish in some future Apache release as its sole purpose is to provide Apache 2.2 authentication/authorization syntax in Apache 2.4, i.e. needs to be applied at some point in the future for sure.
▸
and has the potential of creating a lot of heartache by taking it out...
Only if there are people out there who don't rely on distro-built packages and want the newest version of Xymon on their oldest boxes,
▸
Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list Bruce Ferrell
▸
On 3/26/19 4:41 PM, Axel Beckert wrote:
Hi, On Tue, Mar 26, 2019 at 04:23:33PM -0700, Bruce Ferrell wrote:* 66_apache2.4.patch: Some Apache 2.4 fixes. Since Apache 2.2 is End of Life already, IMHO you do not need to care for the old syntax anymore. Then again, some distributions with long-term support might still have Apache 2.2, so you might want to cross-check if that has some impact there.while Apache 2.2 is EOL, there are a LOT of distros and installations that still have it running running back ports.So far I only can come up with RHEL/CentOS 6, Debian 7 Wheezy ELTS (EoL in about two months) and Ubuntu 12.04 ESM (i.e. paid-only LTS) who still provide Apache 2.2. At least Wheezy and Ubuntu 12.04 ship Xymon out of the box and I would be surprised if anyone on these releases follows upstream source code instead of using the distro-provided packages (with older Xymon versions). So probably the only still relevant distro shipping Apache 2.2 is RHEL/CentOS 6. JC probably knows better how wide-spread Xymon is there.
And variants of RHEL/Centos... The first that comes to mind is Scientific Linux out of Fermi Labs. I do agree the Deb/Ubuntu types probably don't build from scratch.
▸
I'd say it costs nothing to leave inIMHO the cost is primarily to figure out if a case switch is needed between Apache 2.2 and 2.4. The patch _is_ needed if you want to run your Apache 2.4 without mod_access_compat — which probably will vanish in some future Apache release as its sole purpose is to provide Apache 2.2 authentication/authorization syntax in Apache 2.4, i.e. needs to be applied at some point in the future for sure.
My observation on my systems, the "case switch" is right in the Apache configuration file as Apache directives, testing for the correct apache module. The fact the the Apache configuration "just works" no matter WHAT, was a very pleasant change from ye olden dayes, when I had to craft the config myself.... Thanks JC!
▸
and has the potential of creating a lot of heartache by taking it out...Only if there are people out there who don't rely on distro-built packages and want the newest version of Xymon on their oldest boxes,
You mean the vast majority of systems admins? As a systems admin, I don't *tend" to do forklift updates... the entire system to update an application. That is a HUGE amount of pain and effort and I tend to develop resentments around it... To the point of finding things that aren't so problematic. So dropping it means running systems suddenly can't update. OK, can't is probably an overstatement... It's not as bad as demanding a whole different glibc but I'd say it's NOT particularly friendly to people who use the code or you want to use it.
list John Horne
▸
On Tue, 2019-03-26 at 13:37 -0700, Japheth Cleaver wrote:
Hello all, I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out.
Hi, A couple of small xymonnet patches we used on our 4.3.12 server for several years until recently (upgraded to 4.3.28). They are both one-line changes, but should be reviewed as we don't actually use the NONETPAGE setting. However, looking at the code it just seems wrong (which is probably why we initially modified our local code). It seems a variable is set, but then never used when it should have been. Patches attached. John. -- John Horne | Senior Operations Analyst | Technology and Information Services University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK [http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>; This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
![http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>](http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>){kind=link}
list Tom Schmidt
I have a few patches to submit as well. Attached is a context diff file for my changes to the 4.3.28 source files. Comments includes for most of the changes. Tom
▸
-----Original Message-----
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Japheth Cleaver
Sent: Tuesday, March 26, 2019 2:38 PM
To: Xymon Mailing List <xymon at xymon.com>
Subject: [EXT] [Xymon] Call for 4.3.29 Patches
Hello all,
I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fxymon%2Fcode%2FHEAD%2Ftree%2Fbranches%2F4.3.29%2FChanges&data=user-e68b78a42832@xymon.invalid%7C40feb9989dd94966d8f008d6b22af49f%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C636892294904732386&sdata=aE7E5XBovDee%2FIFl7Ec%2FSL3PQ7RTeNDM8zOEDTj8lKc%3D&reserved=0), I'd appreciate if you could point them out. Regards, -jc
Attachments (1)
list Toshimitsu Fujiwara
Hi JC, I have built snapshot of 4.3.29 and found it has same problem reported in mailing list before. (logfetch sometimes losts text in file) see: https://lists.xymon.com/archive/2016-June/043643.html I think attached patch is still useful. Regards, Toshimitsu FUJIWARA ---- Original Message ---- Sender: Japheth Cleaver <user-87556346d4af@xymon.invalid> Sent date: Tue, 26 Mar 2019 13:37:32 -0700 Subject: [Xymon] Call for 4.3.29 Patches
▸
Hello all, I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out. Regards, -jc
NTT DATA SEKISUI SYSTEMS CORPORATION (NDiS)
Toshimitsu FUJIWARA user-a0c422b240b3@xymon.invalid
http://www.ndis.co.jp/
Attachments (1)
list Tom Schmidt
I have one more patch to submit for the Xymon 4.3.29 for the xymonnet application. The attached context diff file makes these changes: - If host is down, do not run rpcinfo or NTP tests on it. Otherwise runtime can be very long (cmdtimeout times the number of hosts down that have an rpcinfo and/or NTP test) - Change "xymonnet: Cannot resolve IP for host" from an error to a warning. This then allows xymonnet check to not always be yellow when hostnames do not resolve in DNS. The host in the hosts.cfg file will still be marked as failing the conn test as before. - Add --cmdtimeout option to the --help usage Thanks...Tom
▸
-----Original Message----- From: Tom Schmidt (tschmidt) Sent: Thursday, March 28, 2019 4:18 PM To: 'Japheth Cleaver' <user-87556346d4af@xymon.invalid>; Xymon Mailing List <xymon at xymon.com> Subject: RE: [EXT] [Xymon] Call for 4.3.29 Patches I have a few patches to submit as well. Attached is a context diff file for my changes to the 4.3.28 source files. Comments includes for most of the changes. Tom -----Original Message----- From: Xymon <xymon-bounces at xymon.com> On Behalf Of Japheth Cleaver Sent: Tuesday, March 26, 2019 2:38 PM To: Xymon Mailing List <xymon at xymon.com> Subject: [EXT] [Xymon] Call for 4.3.29 Patches Hello all, I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fxymon%2Fcode%2FHEAD%2Ftree%2Fbranches%2F4.3.29%2FChanges&data=user-e68b78a42832@xymon.invalid%7C40feb9989dd94966d8f008d6b22af49f%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C0%7C636892294904732386&sdata=aE7E5XBovDee%2FIFl7Ec%2FSL3PQ7RTeNDM8zOEDTj8lKc%3D&reserved=0), I'd appreciate if you could point them out. Regards, -jc
Attachments (1)
list Axel Beckert
▸
Hi, On Tue, Mar 26, 2019 at 01:37:32PM -0700, Japheth Cleaver wrote:
I'm pushing for a release of 4.3.29 relatively soon. I've been trying to go through the backlog to identify un-applied patches, but I know there are some that I'm missing. If you have build fixes or runtime changes that have not yet been put in in 4.3.29 already (see: https://sourceforge.net/p/xymon/code/HEAD/tree/branches/4.3.29/Changes), I'd appreciate if you could point them out.
One thing I noticed very recently which might be worth considering for 4.3.29: xymond/etcfiles/xymonserver.cfg.DIST contains: NTPDATEOPTS="-u -q -p 1" If on the host running xymond, ntpdate from the ntpsec project is installed, then I just get the warning: $ ntpdate -u -q -p 1 127.0.0.1 ntpdate: -p is no longer supported. 2019-04-11 19:22:28.524619 (-0200) +0.000002 +/- 0.000053 127.0.0.1 s4 no-leap $ So it might be an idea to drop the "-p 1" completely.
▸
Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list John Thurston
▸
On 4/11/2019 9:30 AM, Axel Beckert wrote: . .. .
One thing I noticed very recently which might be worth considering for 4.3.29: xymond/etcfiles/xymonserver.cfg.DIST contains: NTPDATEOPTS="-u -q -p 1" If on the host running xymond, ntpdate from the ntpsec project is installed, then I just get the warning: $ ntpdate -u -q -p 1 127.0.0.1 ntpdate: -p is no longer supported. 2019-04-11 19:22:28.524619 (-0200) +0.000002 +/- 0.000053 127.0.0.1 s4 no-leap $ So it might be an idea to drop the "-p 1" completely.
That seems premature. The fact that ntpseq has dropped the parameter does not make it common or standard.
Dropping the "-p 1" option means ntpdate will attempt to collect more than one time sample before returning. In all man pages I've consulted the default value for "samples" is 4. Which means that each non-answering server will block that xymonnet queue for three additional seconds.
If you're using ntpsec, I don't think it is unreasonable to expect you to tweak that parameter on your own server. I don't think it is reasonable to build in a 4x longer delay for everyone.
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska
list Axel Beckert
Hi John,
▸
On Thu, Apr 11, 2019 at 10:33:51AM -0800, John Thurston wrote:So it might be an idea to drop the "-p 1" completely.That seems premature. The fact that ntpseq has dropped the parameter does not make it common or standard.
I expect ntpsec to become standard in the near future. See https://www.ntpsec.org/FAQ.html#_why_ntpsec why. I though must admit, that we're still far away from there, at least in Debian: https://qa.debian.org/popcon-graph.php?packages=ntpsec%2Cntpsec-ntpdate%2Cntp%2Cntpdate&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1 But a decline of ntp installations is clearly visible in that graph (probably due to systemd also providing a time service, though). And ntpsec is not yet available in a Debian Stable release, but will be in the upcoming Debian 10 release "buster". And what also just became clear to me is that only the ntp-announce mailing list is dead with only a single mail since mid 2015 (c.f. http://lists.ntp.org/pipermail/announce/), but there seems to be at least about 1 security update per year: http://support.ntp.org/bin/view/Main/SecurityNotice Maybe forking off ntpsec in 2015 was a kinda wakeup call, at least the amount of security fixes in 2016 was much high than in the years afterwards.
▸
Dropping the "-p 1" option means ntpdate will attempt to collect more than one time sample before returning. In all man pages I've consulted the default value for "samples" is 4. Which means that each non-answering server will block that xymonnet queue for three additional seconds.
Yes, I am aware of that. This only has an impact on bigger setups with more than approx. 75 hosts to monitor. (And yes, I ran into exactly that issue previously when Xymon still had "-p 2" in there.)
▸
If you're using ntpsec, I don't think it is unreasonable to expect you to tweak that parameter on your own server.
Yes, and that's what I did. I nevertheless think it is as reasonable to expect you to tweak that parameter on your own server if you run a big setup. BTDT.
▸
I don't think it is reasonable to build in a 4x longer delay for everyone.
I think Xymon should support both variants by using default settings which work with both implementations. But maybe it should indeed do that only with a later release, when ntpsec gained more traction and is available in more stable distributions.
▸
Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list Japheth Cleaver
▸
On 4/11/2019 12:12 PM, Axel Beckert wrote:
Hi John, On Thu, Apr 11, 2019 at 10:33:51AM -0800, John Thurston wrote:So it might be an idea to drop the "-p 1" completely.That seems premature. The fact that ntpseq has dropped the parameter does not make it common or standard.I expect ntpsec to become standard in the near future. See https://www.ntpsec.org/FAQ.html#_why_ntpsec why. I though must admit, that we're still far away from there, at least in Debian: https://qa.debian.org/popcon-graph.php?packages=ntpsec%2Cntpsec-ntpdate%2Cntp%2Cntpdate&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1 But a decline of ntp installations is clearly visible in that graph (probably due to systemd also providing a time service, though). And ntpsec is not yet available in a Debian Stable release, but will be in the upcoming Debian 10 release "buster". And what also just became clear to me is that only the ntp-announce mailing list is dead with only a single mail since mid 2015 (c.f. http://lists.ntp.org/pipermail/announce/), but there seems to be at least about 1 security update per year: http://support.ntp.org/bin/view/Main/SecurityNotice Maybe forking off ntpsec in 2015 was a kinda wakeup call, at least the amount of security fixes in 2016 was much high than in the years afterwards.I don't think it is reasonable to build in a 4x longer delay for everyone.I think Xymon should support both variants by using default settings which work with both implementations. But maybe it should indeed do that only with a later release, when ntpsec gained more traction and is available in more stable distributions. Kind regards, Axel
It's definitely worth calling out in the notes somewhere for those
platforms affected. F30 at least is still using legacy ntpdate.
Axel: Is that ending up in xymonnet.log, or is it elsewhere? And over
STDERR?
-jc
list Axel Beckert
Hi JC, On Thu, Apr 11, 2019 at 01:07:11PM -0700, Japheth Cleaver wrote: [ntpsec's ntpdate dropped -p option]
Axel: Is that ending up in xymonnet.log, or is it elsewhere?
It's ending up in the report itself: Thu Apr 11 18:40:41 2019 ntp NOT ok Service ntp on kote5 is not OK : Service unavailable Command: ntpdate -u -q -p 1 127.0.0.1 2>&1 ntpdate: -p is no longer supported. ntpdig: 127.0.0.1: Response dropped: stratum 0, probable KOD packet ntpdig: no eligible servers (The last two lines are from a not fully started ntpd.)
And over STDERR?
Over STDERR, yes. It also does seem to still exit with zero, so the only result is this warning (unrecognized by Xymon as such) in the report. So I'd say, as of now, it's indeed safe to keep "-p 1" as it still works. The errors in the example (which actually triggered my mail initially) above were caused by other issues, i.e. the red state was legit. :-) Later (i.e. with a fixed configuration and ntpd running for a while) it looked like this: Thu Apr 11 18:59:44 2019 ntp ok Service ntp on kote5 is OK (up) Command: ntpdate -u -q 127.0.0.1 2>&1 2019-04-11 18:59:44.967208 (-0200) -0.000018 +/- 0.000064 127.0.0.1 s3 no-leap In comparison to old ntpdate looks like this: Fri Mar 29 13:42:50 2019 ntp ok Service ntp on kote5 is OK (up) Command: ntpdate -u -q -p 1 127.0.0.1 2>&1 server 127.0.0.1, stratum 2, offset -0.000018, delay 0.02570 29 Mar 13:42:53 ntpdate[25715]: adjust time server 127.0.0.1 offset -0.000018 sec (No proper time format, no time zone, no year, duplicated information, multi-line, etc. :-)
▸
Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list Galen Johnson
It'd be nice to see support for chrony as an alternative to ntp (ntpdate or otherwise). =G=
▸
On Thu, Apr 11, 2019 at 5:18 PM Axel Beckert <user-bc188e45dae4@xymon.invalid> wrote:
Hi JC, On Thu, Apr 11, 2019 at 01:07:11PM -0700, Japheth Cleaver wrote: [ntpsec's ntpdate dropped -p option]Axel: Is that ending up in xymonnet.log, or is it elsewhere?It's ending up in the report itself: Thu Apr 11 18:40:41 2019 ntp NOT ok Service ntp on kote5 is not OK : Service unavailable Command: ntpdate -u -q -p 1 127.0.0.1 2>&1 ntpdate: -p is no longer supported. ntpdig: 127.0.0.1: Response dropped: stratum 0, probable KOD packet ntpdig: no eligible servers (The last two lines are from a not fully started ntpd.)And over STDERR?Over STDERR, yes. It also does seem to still exit with zero, so the only result is this warning (unrecognized by Xymon as such) in the report. So I'd say, as of now, it's indeed safe to keep "-p 1" as it still works. The errors in the example (which actually triggered my mail initially) above were caused by other issues, i.e. the red state was legit. :-) Later (i.e. with a fixed configuration and ntpd running for a while) it looked like this: Thu Apr 11 18:59:44 2019 ntp ok Service ntp on kote5 is OK (up) Command: ntpdate -u -q 127.0.0.1 2>&1 2019-04-11 18:59:44.967208 (-0200) -0.000018 +/- 0.000064 127.0.0.1 s3 no-leap In comparison to old ntpdate looks like this: Fri Mar 29 13:42:50 2019 ntp ok Service ntp on kote5 is OK (up) Command: ntpdate -u -q -p 1 127.0.0.1 2>&1 server 127.0.0.1, stratum 2, offset -0.000018, delay 0.02570 29 Mar 13:42:53 ntpdate[25715]: adjust time server 127.0.0.1 offset -0.000018 sec (No proper time format, no time zone, no year, duplicated information, multi-line, etc. :-) Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
list Andy Smith
▸
Hi JC, On Tue, Mar 26, 2019 at 01:37:32PM -0700, Japheth Cleaver wrote:
I'm pushing for a release of 4.3.29 relatively soon.
These 2 changes allow you to run the client from a shared directory.
*** ./client/runclient.sh.FCS Wed Jan 27 21:12:32 2016
--- ./client/runclient.sh Fri Apr 12 07:14:38 2019
***************
*** 86,92 ****
rm -f $XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid
fi
! $XYMONCLIENTHOME/bin/xymonlaunch
--config=$XYMONCLIENTHOME/etc/clientlaunch.cfg
--log=$XYMONCLIENTHOME/logs/clientlaunch.log
--pidfile=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid
if test $? -eq 0; then
echo "Xymon client for $SERVEROSTYPE started on
$MACHINEDOTS"
else
--- 86,92 ----
rm -f $XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid
fi
! $XYMONCLIENTHOME/bin/xymonlaunch
--config=$XYMONCLIENTHOME/etc/clientlaunch.cfg
--log=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.log
--pidfile=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid
if test $? -eq 0; then
echo "Xymon client for $SERVEROSTYPE started on
$MACHINEDOTS"
else
*** ./client/clientlaunch.cfg.FCS Wed Apr 10 09:40:32 2019
--- ./client/clientlaunch.cfg Fri Apr 12 07:14:55 2019
***************
*** 17,28 ****
DISABLED
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon
--pidfile=$XYMONCLIENTLOGS/msgcache.pid
! LOGFILE $XYMONCLIENTLOGS/msgcache.log
# The main client task
[client]
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/xymonclient.sh
! LOGFILE $XYMONCLIENTLOGS/xymonclient.log
INTERVAL 5m
--- 17,28 ----
DISABLED
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon
--pidfile=$XYMONCLIENTLOGS/msgcache.pid
! LOGFILE $XYMONCLIENTLOGS/msgcache.$MACHINEDOTS.log
# The main client task
[client]
ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
CMD $XYMONCLIENTHOME/bin/xymonclient.sh
! LOGFILE $XYMONCLIENTLOGS/xymonclient.$MACHINEDOTS.log
INTERVAL 5m
--
Andy
list Japheth Cleaver
▸
On 4/11/2019 11:20 PM, Andy Smith wrote:
Hi JC, On Tue, Mar 26, 2019 at 01:37:32PM -0700, Japheth Cleaver wrote:I'm pushing for a release of 4.3.29 relatively soon.These 2 changes allow you to run the client from a shared directory. *** ./client/runclient.sh.FCS Wed Jan 27 21:12:32 2016 --- ./client/runclient.sh Fri Apr 12 07:14:38 2019 *************** *** 86,92 **** rm -f $XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid fi ! $XYMONCLIENTHOME/bin/xymonlaunch --config=$XYMONCLIENTHOME/etc/clientlaunch.cfg --log=$XYMONCLIENTHOME/logs/clientlaunch.log --pidfile=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid if test $? -eq 0; then echo "Xymon client for $SERVEROSTYPE started on $MACHINEDOTS" else --- 86,92 ---- rm -f $XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid fi ! $XYMONCLIENTHOME/bin/xymonlaunch --config=$XYMONCLIENTHOME/etc/clientlaunch.cfg --log=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.log --pidfile=$XYMONCLIENTHOME/logs/clientlaunch.$MACHINEDOTS.pid if test $? -eq 0; then echo "Xymon client for $SERVEROSTYPE started on $MACHINEDOTS" else *** ./client/clientlaunch.cfg.FCS Wed Apr 10 09:40:32 2019 --- ./client/clientlaunch.cfg Fri Apr 12 07:14:55 2019 *************** *** 17,28 **** DISABLED ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon --pidfile=$XYMONCLIENTLOGS/msgcache.pid ! LOGFILE $XYMONCLIENTLOGS/msgcache.log # The main client task [client] ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/xymonclient.sh ! LOGFILE $XYMONCLIENTLOGS/xymonclient.log INTERVAL 5m --- 17,28 ---- DISABLED ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/msgcache --no-daemon --pidfile=$XYMONCLIENTLOGS/msgcache.pid ! LOGFILE $XYMONCLIENTLOGS/msgcache.$MACHINEDOTS.log # The main client task [client] ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg CMD $XYMONCLIENTHOME/bin/xymonclient.sh ! LOGFILE $XYMONCLIENTLOGS/xymonclient.$MACHINEDOTS.log INTERVAL 5m
Hmm. The patch makes sense, but is there a particular rw use case you guys are using for this with shared log file directories? This would likely require changes to log rotation configs too. -jc